I love the idea that in order to exploit the tax loophole/benefits of being nominally based in Ireland, Facebook, google and co. can be held to account by the EU data protection rules.

Does anyone know how much the EU has in the way of punitive/financial teeth if the rules are shown to have been breached? Could it end up being more costly (theoretically at least - there's usually some kind of deal struck) than the sum of tax they allegedly avoided in the first place?

I assume the companies are still bound by US law either way. The companies may be EU based but the senior management are still in California. It's unlikely the EU guys have a clue as to what happens on servers in the US. I mean, the EU has known about the risks for a long time as has everyone else: http://euobserver.com/justice/118857. I guess we're lucky there's now sufficient confirmation that perhaps the EU has no choice but to take legal action and finally mandate that some of the more sensitive data not needed for social networking content (most of which isn't necessarily private anyway), be retained within an EU jurisdiction and not exported to the US where EU citizens have no legal standing.

I love the idea that in order to exploit the tax loophole/benefits of being nominally based in Ireland, Facebook, google and co. can be held to account by the EU data protection rules.

Does anyone know how much the EU has in the way of punitive/financial teeth if the rules are shown to have been breached? Could it end up eing more costly (theoretically at least - there's usually some kind of deal struck) than the sum of tax they allegedly avoided in the first place?

So, the US may be correct in saying spying on foreigners is within the law...just not everyone's law.

I wonder if certain US politicians or NSA employees would be subject to extradition for breaking the laws of states outside the US? Or, more probably, not allowed to travel to certain other countries for having broken their laws while "abroad" in the US?

While I think this is an interesting move I'm sceptical of it having any positive effect; EU countries that comply with NSA bulk-data gathering requests (e.g. UK) aren't likely to stop because the Data Protection Commissioner (that they appointed) writes them a strongly worded letter - or even should the top court order it. On the one hand there's probably some kind of reciprocal arrangement, and on the other hand there's almost certainly going to be diplomatic / economic pressure from the US to maintain the status quo. The biggest kid in the playground usually gets what he wants.

Quote:

since the US is still following the idea of “civil rights” (only applying to US citizens and people inside of the US) instead of “human rights”

Where are the United States action committees? I thought by now the news would be a-buzz about non-profits and committees taking the NSA to task and asking for an investigation, trials, etc, etc. Instead, the only news I see is about how the US is going after Snowden. Are we (US Citizens) really this whipped?

If an EU person's data or metadata originates in the EU and its destination is in the EU, does the US break EU law by copying and storing that data if it passes through US routers? If so, wouldn't there be consequences for breaking those laws?

If not illegal, it certainly makes the US look pretty bad for vacuuming up data-in-transit having nothing at all to do with the US save a few router hops.

While I think this is an interesting move I'm sceptical of it having any positive effect; EU countries that comply with NSA bulk-data gathering requests (e.g. UK) aren't likely to stop because the Data Protection Commissioner (that they appointed) writes them a strongly worded letter - or even should the top court order it. On the one hand there's probably some kind of reciprocal arrangement, and on the other hand there's almost certainly going to be diplomatic / economic pressure from the US to maintain the status quo. The biggest kid in the playground usually gets what he wants.

Quote:

since the US is still following the idea of “civil rights” (only applying to US citizens and people inside of the US) instead of “human rights”

Thought that this was worth re-quoting.

I don't think the impact of this will be fines for Facebook. Really, I don't see that Facebook is to blame in this case. The impact is that it may force Facebook to reveal information about the secret surveillance program. That would be interesting.

If an EU person's data or metadata originates in the EU and its destination is in the EU, does the US break EU law by copying and storing that data if it passes through US routers? If so, wouldn't there be consequences for breaking those laws?

If not illegal, it certainly makes the US look pretty bad for vacuuming up data-in-transit having nothing at all to do with the US save a few router hops.

That's where the internet can get hairy, I think. The data in question is intended for "Facebook" (or whomever), which is by nature a multinational entity, including the US.

While I _hope_ that the EU can reign in our administration and various governmental organs, I suspect that action against the various companies by the EU will be fairly minimal because the data necessarily must also exist in the US, was requested in the US, from US companies. (Bear in mind that for some of these companies, hundreds of millions in fine wouldn't make a significant dent.)

If an EU person's data or metadata originates in the EU and its destination is in the EU, does the US break EU law by copying and storing that data if it passes through US routers? If so, wouldn't there be consequences for breaking those laws?

If not illegal, it certainly makes the US look pretty bad for vacuuming up data-in-transit having nothing at all to do with the US save a few router hops.

That's where the internet can get hairy, I think. The data in question is intended for "Facebook" (or whomever), which is by nature a multinational entity, including the US.

While I _hope_ that the EU can reign in our administration and various governmental organs, I suspect that action against the various companies by the EU will be fairly minimal because the data necessarily must also exist in the US, was requested in the US, from US companies. (Bear in mind that for some of these companies, hundreds of millions in fine wouldn't make a significant dent.)

Agreed there wouldn't be much of a financial dent, but I think this whole idea makes Facebook and others very nervous. If they get nervous they'll start calling up the Congressmen they've bought for help. Hopefully that'll spur some change.

Where are the United States action committees? I thought by now the news would be a-buzz about non-profits and committees taking the NSA to task and asking for an investigation, trials, etc, etc. Instead, the only news I see is about how the US is going after Snowden. Are we (US Citizens) really this whipped?

I already see storage companies advertising all non-US-based storage. I suspect other services will follow suit. Companies like Facebook may end up severing ties with their parent companies for operation outside of the States. How that would work in terms of sharing (selling) data across platforms is a detail to be worked out.

That said, I'm not sure how one can route information around the 'Net and ensure that you don't go through routers in the US. I suspect the NSA is just as happy to gobble data in-flight as at rest.

I love the idea that in order to exploit the tax loophole/benefits of being nominally based in Ireland, Facebook, google and co. can be held to account by the EU data protection rules.

Does anyone know how much the EU has in the way of punitive/financial teeth if the rules are shown to have been breached? Could it end up eing more costly (theoretically at least - there's usually some kind of deal struck) than the sum of tax they allegedly avoided in the first place?

I love the idea that in order to exploit the tax loophole/benefits of being nominally based in Ireland, Facebook, google and co. can be held to account by the EU data protection rules.

Does anyone know how much the EU has in the way of punitive/financial teeth if the rules are shown to have been breached? Could it end up eing more costly (theoretically at least - there's usually some kind of deal struck) than the sum of tax they allegedly avoided in the first place?

Where are the United States action committees? I thought by now the news would be a-buzz about non-profits and committees taking the NSA to task and asking for an investigation, trials, etc, etc. Instead, the only news I see is about how the US is going after Snowden. Are we (US Citizens) really this whipped?

The short answer is yes. Also I highly doubt that anyone is surprised the NSA was spying on us. It is pretty much their job or rather has become their job. Its just that we didn't know the extent of the spying and I suspect it hardly stops at just what we came to know recently.

I guess most people just don't care all that much because they really haven't done anything terribly bad with the gathered data. If there was more proof of severe misuse, then maybe there might be more of an uproar.

This whole complaint appears to be based on the assumption that the NSA has warrantless and unhindered access to Facebook members' personal data, which I've only seen supported by an interpretation of the vague use of the word direct in a classified document. No details on how the data are accessed were given. No details on the process to gain access were given. Snowden's leaks only give enough details to allow people to assume the worst without evidence.

Of course for the NSA to have such direct access they would have to have direct access to all the politicians who are providing oversight and authorization to the NSA. All those politicians would have to be blatantly ignoring the US Constitution to a level even they would blanch at, and without it being in the immediate aftermath of something like 9/11 during which some poor decisions were definitely made.

This complain will go no where simply because cause their is no evidence that Facebook has mishandled personal data. Conspiracy theories aren't evidence. Vague second hand reports aren't evidence.

While gag orders put in place by US courts aren't binding on European courts, it is doubtful that people in the European branch of Facebook know details of how the program works given that it was classified and that classified data requires the proper clearances, plus a direct need to know, and is generally restricted to US persons. So unless they have evidence that Facebook in Europe had specific knowledge that Facebook US was handling data in ways that violated US law, or the end user agreement, even if Facebook US didn't provide adequate protections, the legally distinct Facebook in Europe isn't at fault.

No real evidence or harm or that Facebook in Europe should have been aware of any bad behavior even if it did occur.

Where are the United States action committees? I thought by now the news would be a-buzz about non-profits and committees taking the NSA to task and asking for an investigation, trials, etc, etc. Instead, the only news I see is about how the US is going after Snowden. Are we (US Citizens) really this whipped?

If by whipped you mean pussy-whipped, then yes. Yes we are.

The Congressional Committees are probably looking at what these programs actually do, what authorizations they must get before accessing data, and how few people's data is actually gathered and trying to reconcile with that with the conspiracy theories in the media. That's probably rendering them speechless. If not the fact that they can't tell anyone how the programs actually operate is probably keeping them quiet. After all these programs are classified. If makes if very difficult for the government to defend itself against these kind of conspiracy theories where people take a few facts and then extrapolate it into a broad program where everything everyone does is being watched.

Where are the United States action committees? I thought by now the news would be a-buzz about non-profits and committees taking the NSA to task and asking for an investigation, trials, etc, etc. Instead, the only news I see is about how the US is going after Snowden. Are we (US Citizens) really this whipped?

The ACLU (and EFF?) have started legal action. Google it.

As for your complaint regarding the news...what do you expect? Whether you supported Obama or not, you have to have noticed that the main news organizations often give his administration a pass/benefit of the doubt.

Although, with recent allegations of spying on the media having come to light, that might change.

I don't think the impact of this will be fines for Facebook. Really, I don't see that Facebook is to blame in this case. The impact is that it may force Facebook to reveal information about the secret surveillance program. That would be interesting.

Like others, though, I do love the idea of a penalty for off-shoring.

I'm with you. I think the best thing that will come out of this is more transparency. The Patriot act pretty much forbids facts of such cases from being revealed by anyone with knowledge of them. But in the EU these cases can be pursued openly...and the firms will be required to reveal what they did in order to adhere to EU laws.

The short answer is yes. Also I highly doubt that anyone is surprised the NSA was spying on us. It is pretty much their job or rather has become their job. Its just that we didn't know the extent of the spying and I suspect it hardly stops at just what we came to know recently.

I guess most people just don't care all that much because they really haven't done anything terribly bad with the gathered data. If there was more proof of severe misuse, then maybe there might be more of an uproar.

I agree. Until / unless there comes to light a sympathetic "victim" who has been imprisoned / harmed due to NSA overreach / abuse of powers....the general public will assume this is a victim-less action.

Under European Union law, Facebook is required to comply with user data requests within 40 days, since its international (e.g., non-American) headquarters are in Ireland (largely for tax reasons). This means that all Facebook users outside the United States and Canada (which have their own, less-stringent privacy rules) are effectively governed by Irish and EU data protection authorities.

Petard: hoisted.

It's always the tax-avoidance schemes that will get you into trouble. If we learned nothing else from Al Capone, we should have learned that.

Where are the United States action committees? I thought by now the news would be a-buzz about non-profits and committees taking the NSA to task and asking for an investigation, trials, etc, etc. Instead, the only news I see is about how the US is going after Snowden. Are we (US Citizens) really this whipped?

If by whipped you mean pussy-whipped, then yes. Yes we are.

The Congressional Committees are probably looking at what these programs actually do, what authorizations they must get before accessing data, and how few people's data is actually gathered and trying to reconcile with that with the conspiracy theories in the media. That's probably rendering them speechless. If not the fact that they can't tell anyone how the programs actually operate is probably keeping them quiet. After all these programs are classified. If makes if very difficult for the government to defend itself against these kind of conspiracy theories where people take a few facts and then extrapolate it into a broad program where everything everyone does is being watched.

Haha...wow. So, Patriot Act prevents those involved in any of these cases from even discussing them or acknowledging that they're involved, but it's the GOVERNMENT that can't defend itself.

Just wow. I assume when the trenchcoats show up at your house and say "Hi, we're from the government, we're here to help you" you willingly do what they say.

I already see storage companies advertising all non-US-based storage. I suspect other services will follow suit. Companies like Facebook may end up severing ties with their parent companies for operation outside of the States. How that would work in terms of sharing (selling) data across platforms is a detail to be worked out.

That said, I'm not sure how one can route information around the 'Net and ensure that you don't go through routers in the US. I suspect the NSA is just as happy to gobble data in-flight as at rest.

Actually, starting yesterday, a local radio station has started advertising 100% Canadian web hosting. It made me wonder if it was in response to the recent leaks.

So, if US law applies to persons running websites outside of the US, who have intent on doing business in the US, and the US can file charges against people running said business, freeze their accounts etc(Kim Dotcom/MU), does it not also follow that US companies doing business in the EU are then subject to EU laws and persons responsible can then be extradited to the EU to face EU charges of violating the personal privacy of millions of persons in the EU?

I love the idea that in order to exploit the tax loophole/benefits of being nominally based in Ireland, Facebook, google and co. can be held to account by the EU data protection rules.

Does anyone know how much the EU has in the way of punitive/financial teeth if the rules are shown to have been breached? Could it end up being more costly (theoretically at least - there's usually some kind of deal struck) than the sum of tax they allegedly avoided in the first place?

To clarify some things:Technically, it is not European law, but an European "directive" which has to be interpreted in national law. As all those companies are based in Ireland, it is the Irish interpretation of the directive that counts.The ECJ (European Court of Justice, not to be confused with the General Court or the European Court of Human Rights) will not directly rule on this, but only (probably) advise the Irish court, as it is within Irish jurisdiction. Those decisions are binding however and could range from fines to a ban on European operations (though that is unlikely). So there is much more at stake for those companies than only fines.The Microsoft (and other) fines are something entirely different, being the result of an action brought by the European commission in a European Court (ECJ), not by an individual in a local court.(Yes, the EU is complicated. And the judicial system even more.)

So, if US law applies to persons running websites outside of the US, who have intent on doing business in the US, and the US can file charges against people running said business, freeze their accounts etc(Kim Dotcom/MU), does it not also follow that US companies doing business in the EU are then subject to EU laws and persons responsible can then be extradited to the EU to face EU charges of violating the personal privacy of millions of persons in the EU?

... and extradition of NSA operatives?!

This is going to be interesting to see how US is going to defend them breaking the EU law, and how they are going to do it without shooting themselves in the foot when they try to export US law all over internet.

This whole complaint appears to be based on the assumption that the NSA has warrantless and unhindered access to Facebook members' personal data, which I've only seen supported by an interpretation of the vague use of the word direct in a classified document. No details on how the data are accessed were given. No details on the process to gain access were given. Snowden's leaks only give enough details to allow people to assume the worst without evidence.

Of course for the NSA to have such direct access they would have to have direct access to all the politicians who are providing oversight and authorization to the NSA. All those politicians would have to be blatantly ignoring the US Constitution to a level even they would blanch at, and without it being in the immediate aftermath of something like 9/11 during which some poor decisions were definitely made.

This complain will go no where simply because cause their is no evidence that Facebook has mishandled personal data. Conspiracy theories aren't evidence. Vague second hand reports aren't evidence.

While gag orders put in place by US courts aren't binding on European courts, it is doubtful that people in the European branch of Facebook know details of how the program works given that it was classified and that classified data requires the proper clearances, plus a direct need to know, and is generally restricted to US persons. So unless they have evidence that Facebook in Europe had specific knowledge that Facebook US was handling data in ways that violated US law, or the end user agreement, even if Facebook US didn't provide adequate protections, the legally distinct Facebook in Europe isn't at fault.

No real evidence or harm or that Facebook in Europe should have been aware of any bad behavior even if it did occur.

This is going nowhere fast.

I suggest that in your fervour to defend the indefensible you are missing almost ALL of the key points.

The complaints in the various EU jurisdictions will have more impact than you seem to wish to believe. Primarily these complaints will force the data protection authorities to act, and by so doing will in turn put the issue of the widespread potential violations of constitutional rights in Germany, and fundamental rights protected in the EU Charter on Fundamental Rights and Freedoms, firmly on the political agenda. At least in Germany, the federal constitutional court has not been bought and is not the toothless travesty that the US Supreme Court seems to be in respect of defending the constitution. I would, for example be surprised indeed if the German Court will permit the tactic of the DOJ to refuse to answer questions and then to argue that a plaintif cannot establish standing.

For another: The violation of constitutional rights IS a harm, by definition.

PRISM isn't what the media is reporting it as. The government approaching the companies and asking for data maybe happening, and likely is. But this is not what the PRISM program is. And that's why all the companies are saying they are not giving the government direct access to their servers. Because they aren't.

When the government asks for data, the companies give more-or-less only what is required by law, some more so than others.

But, what PRISM is, happens outside of the company's walls. The NSA has fiber optic splitters setup at the routers closest to the company, but outside of the company, and they are storing every single bit to goes into, and comes out of the target. This way, the NSA doesn't have to ask for the data, because it already has it! And this is why the program is call PRISM. It is splitting the fiber optic light.